Hacker Discloses New Windows Zero-Day Exploit On Twitter


A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.

SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege escalation flaw residing in Microsoft Data Sharing (dssvc.dll).

The Data Sharing Service is a local service that runs as LocalSystem account with extensive privileges and provides data brokering between applications.

The flaw could allow a low-privileged attacker to elevate their privileges on a target system, though the PoC exploit code (deletebug.exe) released by the researcher only allows a low privileged user to delete critical system files—that otherwise would only be possible via admin level privileges.

“Not the same bug I posted a while back, this doesn’t write garbage to files but actually deletes them.. meaning you can delete application dll’s and hope they go look for them in user write-able locations. Or delete stuff used by system services c:windowstemp and hijack them,” the researcher wrote.

Since the Microsoft Data Sharing service was introduced in Windows 10 and recent versions of Windows server editions, the vulnerability does not affect older versions of Windows operating systems including 7 or 8.1.

The PoC exploit has successfully been tested against “fully-patched Windows 10 system” with the latest October 2018 security updates, Server 2016 and Server 2019, but we do not recommend you to run the PoC, as it could crash your operating system.

This is the second time in less than two months SandboxEscaper has leaked a Windows zero-day vulnerability.

In late August, the researcher exposed details and PoC exploit for a local privilege escalation vulnerability in Microsoft Windows Task Scheduler occurred due to errors in the handling of the Advanced Local Procedure Call (ALPC) service.

Shortly after the PoC released for the previous Windows zero-day flaw, the exploit was found actively being exploited in the wild, before Microsoft addressed the issue in the September 2018 Security Patch Tuesday Updates.

SandboxEscaper’s irresponsible disclosure once again has left all Windows users vulnerable to the hackers until the next month’s security Patch Tuesday, which is scheduled for November 13, 2018.

Products You May Like

Articles You May Like

Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
Ro, a direct-to-consumer online pharmacy, reaches $500M valuation
DCMS Shares UK Journalists Emails, Potential GDPR Breach
Facebook Collected Contacts from 1.5 Million Email Accounts Without Users’ Permission
Facebook: we logged 100x more Instagram plaintext passwords than we thought

Leave a Reply

Your email address will not be published. Required fields are marked *